堆栈内存溢出
  简体   繁体   English

子域和主域上的SSL-ehost

[英]SSL on subdomain and primary domain - ehost

 原文  2017-02-23 10:28:53       apache/ ssl/ subdomain

问题描述

I have issue with my provider - ehost. 我的提供者有问题-ehost。

I have wildcard certificate. 我有通配符证书。 I wanted to first test it before I go live. 我想先测试一下再上线。 So I request to install it on subdomain first (uat.domain.com). 因此,我要求先将其安装在子域(uat.domain.com)上。 I have tested application and want to go live. 我已经测试过应用程序,并且想要上线。 Provider said that it is impossible to install certificate on primary domain (domain.com) because they have installed it first on subdomain. 提供商说,不可能在主域(domain.com)上安装证书,因为他们首先在子域上安装了证书。

Of course they have offered me to buy certificate from them. 当然,他们提供了我从他们那里购买证书的服务。

I really don't understand the issue can someone tell me if they have right or not? 我真的不明白这个问题,有人可以告诉我他们是否正确? I thought that is possible even to take the certficate from ehost and send it to another provider and install it. 我认为甚至可以从ehost取得证书并将其发送给另一提供商并安装它。 The certificate is now installed on Apache Server and folders to subdomain and primary domain are in the same server. 现在,证书已安装在Apache服务器上,子域和主域的文件夹位于同一服务器中。

1 个解决方案

解决方案1
 1 已采纳  2017-02-23 10:58:17

Without looking at the actual configuration it is hard to tell, but to answer your question, if they say it is impossible, that is because they are just using 1 VirtualHost in their server. 如果不看实际配置,很难说,但是要回答您的问题(如果他们说不可能),那是因为他们在服务器中仅使用1个VirtualHost。

Generally shared hosting have these kind of issues because they dedicate 1 single instance of Apache to many different clients and have 1 virtualhost per client, but this is just guessing you need to check this is what currently happening. 通常,共享托管会出现此类问题,因为它们将Apache的一个实例专用于许多不同的客户端,并且每个客户端具有1个虚拟主机,但这只是猜测您需要检查当前情况。

But I can also describe how Apache works so you understand what may be happening: 但是我还可以描述Apache的工作方式,以便您了解可能发生的情况:

If the Apache configuration has different virtualhosts, you can have as many different certificates, wildcards and whatnot, as virtualhosts you have. 如果Apache配置具有不同的虚拟主机,则可以拥有与虚拟主机一样多的不同证书,通配符和其他内容。

This is, 1 certificate per VirtualHost. 这是每个VirtualHost 1个证书。

But that is not all, if you have several different domain or subdomain names this is when you need to carefully plan how you must configure them. 但这还不是全部,如果您有几个不同的域名或子域名,那么这是您需要仔细计划如何配置它们的时候。

For instance 例如

If you have defined this virtualhost first: 如果先定义了此虚拟主机,则: 

<VirtualHost *:443>
ServerName example.com
ServerAlias *.example.com
</VirtualHost>

No other virtualhosts for whatever.example.com or example.com will apply or be used since this virtualhost will grab all the requests for those names. 不会应用或使用any.example.com或example.com的其他虚拟主机,因为此虚拟主机将捕获对这些名称的所有请求。

But if you have: 但是,如果您有: 

<VirtualHost *:443>
ServerName domain.com
</VirtualHost>

And now you need to define a virtualhost with a new wildcard certificate for your subdomain, you can perfectly do using the new wildcard certificate for *.example.com: 现在,您需要为您的子域定义一个带有新通配符证书的虚拟主机,您可以完美地将新通配符证书用于* .example.com: 

<VirtualHost *:443>
ServerName xxxxx.example.com
</VirtualHost>

and can now define more virtualhosts if you want/need with the same wildcard cert for *.example.com: 并且现在可以定义更多虚拟主机,如果您希望/需要为* .example.com使用相同的通配符证书: 

<VirtualHost *:443>
ServerName yyyyy.example.com
</VirtualHost>

Note these are stripped down virtualhost examples (obviously your virtualhosts will have more directives inside them, specially the ones loading the key and certificates, etc). 请注意,这些是简化的virtualhost示例(显然,您的虚拟主机中将包含更多指令,尤其是那些加载密钥和证书的指令)。

And briefly, things you need to consider: 简要地说,您需要考虑的事项:

  1. Apache HTTPD looks at Host header to know to which virtualhost it must deliver the request. Apache HTTPD查看主机标头,以了解它必须将请求传递到哪个虚拟主机。
  2. If you overlap names or define too greedy serveraliases, further defined virtualhosts may never receive requests if the previous virtualhosts matches the host name requested. 如果您重叠名称或定义过于贪婪的服务器别名,则如果先前的虚拟主机与请求的主机名匹配,则进一步定义的虚拟主机可能永远不会收到请求。 This is, first match in virtualhost list wins. 这是virtualhost列表中的第一个比赛获胜。
  3. Apache lets you have 1 certificate per virtualhost, it does not matter if you use the same certificate in several virtualhosts though. Apache为每个虚拟主机提供1个证书,但是在多个虚拟主机中使用相同的证书也没关系。
  4. You just have to be careful of not overlapping names and wildcards if you use ServerAlias. 如果使用ServerAlias,只需要注意不要重叠名称和通配符。 Having two virtualhosts covering the same name will just make httpd ignore the second virtualhost for the same name. 具有两个覆盖相同名称的虚拟主机只会使httpd忽略具有相同名称的第二个虚拟主机。
  5. If you have several different files for different virtualhosts, their files are read in alphabetical order, so if you have a-virtualhost.conf with servername 1.example.com and b-virtualhost.conf also with servername 1.example.com, b-virtualhost.conf will be ignored. 如果您为不同的虚拟主机有多个不同的文件,则它们的文件将按字母顺序读取,因此,如果您有一个a-virtualhost.conf,服务器名称为1.example.com,而b-virtualhost.conf,其服务器名称为1.example.com,b -virtualhost.conf将被忽略。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 子域的SSL允许父域重定向到子域 - SSL for subdomain is allowing parent domain to redirect to subdomain 仅在ssl请求上将子域转发到主域 - Subdomain forwarding to main domain on ssl requests only 从子域重定向到主域,而无需重写URL - Redirect from subdomain to primary domain without rewriting URL 根域上的邮件服务器的SSL证书与子域上的通配符的SSL证书 - SSL certificate for mail server on root domain vs wildcard on subdomain 将主域和support.example.com重定向到https,但所有其他子域除外 - redirect primary domain and support.example.com to https except all other subdomain HTAccess“镜像域”,尊重SSL,尊重co.uk + .com,保留子域和request_uri - HTAccess 'Mirror Domain', respecting SSL, respecting co.uk+.com, keeping subdomain and request_uri 通配符SSL子域转发 - Wildcard SSL Subdomain forwarding 在单个子域上使用SSL的Phpmyadmin - Phpmyadmin with SSL on a single subdomain 子域不使用 SSL 重定向 - Subdomain does not redirect with SSL 使用Apache,如何将网站的子文件夹重定向到子域,但将除该子文件夹之外的所有内容都重定向到主域? - Using Apache, how can I redirect a subfolder of a site to a subdomain but redirect everything but that subfolder to the primary domain?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM